MPs condemn government over L-driver data loss
Latest breach labelled "mind-bending"...
MPs have condemned the government over the loss of the personal information of more than three million learner drivers by the Driving Standards Agency (DSA).
Transport secretary Ruth Kelly admitted to Parliament this week that a hard disk went missing from a secure facility of the DSA's third-party contractor, Pearson Driving Assessments in the US, in May.
In response to Kelly's admission, Theresa Villiers, the Conservative shadow transport secretary said: "Taken together with the catastrophe at HMRC, this is further evidence of systemic failure in the government's handling of private data."
She added: "Quite simply, the government are failing in their duty to obey their own laws on data protection, and failing in their primary and fundamental duty to protect the interests of the people whom they were elected to serve."
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Susan Kramer, the Liberal Democrat shadow for the Department for Transport (DfT) described the news of the latest breach as "mind bending", saying: "If that happened last May, why was the Secretary of State - never mind this House - not informed? The message is clear: the culture must change."
Kelly assured people the information did not include bank details, driving licence or national insurance numbers and that the disk had been formatted to work on Pearson systems, rendering it inaccessible to third parties.
She also outlined steps the DfT is taking to minimise the risk of a similar incident in the future. These measures include greater electronic transmission of data; plans to merge the DVLA's database in Swansea with that of the Driver and Vehicle Agency in Northern Ireland; and greater clarity of responsibility.
But the government's response was criticised by the opposition parties. The Conservative's Villiers said: "The question we have to ask is: why are these things being done only now, after the disaster at HMRC? Surely they are basic common sense and basic good practice."
And the Liberal Democrat's Kramer said: "She [Kelly] has been saying that electronic data transfer will provide adequate protection, but even the Pentagon has been hacked, so surely that would just change the method by which data are either lost or stolen."
Kramer asked whether Kelly agreed the government should minimise data held and make the rapid destruction of data part of its culture.
She added: "If my bank behaved like this, I would change it. Is not that an important message for the government?"
The data loss follows from HM Revenue & Customs (HMRC) losing two CDs containing details of more than 25 million people claiming and receiving child benefit as well as the Northern Ireland Driver and Vehicle Agency losing the details of around 7,600 people earlier this month.
Alistair Darling, Chancellor of the Exchequer, also updated Parliament on the review of HMRC processes and measures for protecting personal data.
He said the continuing police investigation into the HMRC breach does not indicate that any data has fallen into the wrong hands.
Information Commissioner, Richard Thomas, welcomed the government's decision to strengthen the law around protecting people's information.
He said: "I welcome the government's commitment to strengthen the powers of my Office… enabling us to carry out inspections of organisations which collect and use personal information and to put in place new sanctions for the most serious breaches of data protection principles."
He added the HMRC incident and its aftermath mark a "turning point for data protection in the UK", while public confidence "must be earned through tighter security and other data protection safeguards".